snakekeylogger | b9e8a101512f2b8cb6223e26f8449b07371a64bad0ef7ba3fb63a3397518a817 | Triage

Submit
Reports

Overview

overview

Static

static

3

ORDER IV2312-002.exe

windows7-x64

3

ORDER IV2312-002.exe

windows10-2004-x64

Sharing

General

Target

b9e8a101512f2b8cb6223e26f8449b07371a64bad0ef7ba3fb63a3397518a817
Size

481KB
Sample

231204-veee1sch9t
MD5

c5b39c8776e16e1431b84c2e21784167
SHA1

770c958a2565fb558eead2fdf90e84d4d481708e
SHA256

b9e8a101512f2b8cb6223e26f8449b07371a64bad0ef7ba3fb63a3397518a817
SHA512

b028e8144354a0c298d704c8de9a380f41368c26c4cf19642602a3909358b35e576fca51da304615f502aa6f494603bf7a1f8bf316610bd7695873e5333d65b5
SSDEEP

12288:pKWIcjo+83YdbRNWGncJ3z0WkJMSsXEDLntYxbX9sLPYEAp4FYaLE0F:ptIW9sMRdcJj0eXEPntYVX9sLrAp4BDF

Score

10^/10

snakekeylogger collection keylogger spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ORDER IV2312-002.exe

Resource

win7-20231130-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral2

Sample

ORDER IV2312-002.exe

Resource

win10v2004-20231127-en

snakekeylogger collection keylogger spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  ORDER IV2312-002.exe
- Size
  
  627KB
- MD5
  
  6c35b13a84d8b7e80ebd6acfc6a6fcec
- SHA1
  
  c92b80bb36ea3de1a82e00e0469b4e70d1bb0861
- SHA256
  
  57729b4d62da45292959066a891a31d3e1f5408f158763c7f73e324b935ba6e0
- SHA512
  
  185fc5c302bfc56815b9979364c4dd61b034d00c19803e61194084405b8fb6e0c5353022079291acec4b24d118aa99c6d52dd1cd75a2b25c36fe7e14f1c749fc
- SSDEEP
  
  6144:LtJXlE7ddnDuHcfRdLv2wHyacmeo3abeS7HPX8imgN7KEm/Jt1RJdVpzlEFxX6Lv:dEh5tPPEAE8i9N61HdVpYxC2/+0
Score

10^/10

snakekeylogger collection keylogger spyware stealer
- Snake Keylogger
  Keylogger and Infostealer first seen in November 2020.
  stealer keylogger snakekeylogger
- Snake Keylogger payload
- Reads user/profile data of local email clients
  Email clients store some user data on disk where infostealers will often target it.
  spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

snakekeyloggercollectionkeyloggerspywarestealer

© 2018-2024

Terms | Privacy